Hiscox Cyber Readiness Report 2023

The Hiscox Cyber Readiness Report 2023

US small business focus

Download report

Cyber attacks cost US small businesses over $8,000 annually

The Hiscox Cyber Readiness Report 2023 reveals that small business owners are getting smarter, but so are cyber criminals. Although 63% of small businesses in the US are cyber intermediates and 4% are cyber experts, almost half (41%) experienced at least one cyber-attack during the past year.

The annual Hiscox Cyber Readiness Report 2023 gauges businesses’ preparedness to combat cyber incidents and breaches. The report surveyed over 5,000 professionals responsible for their company’s cyber security strategy from the US, UK, France, Germany, Spain, Belgium, Republic of Ireland, and The Netherlands, including more than 500 US small business professionals.

The cost of cyber-attacks has decreased, but the risk is still high

The median cost of cyber-attacks for one business in a year is $8,300, down from nearly $10,000 last year. Although the cost is down, the median number of attacks has risen from 3 in 2022 to 4 in 2023.

A lesson in cybersecurity

  1. Cyber extortion: Any crime conducted electronically in which the hacker demands money. Cyber extortion includes ransomware, distributed denial-of-service, and other attacks.

  2. Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.

  3. Phishing: The fraudulent practice of sending emails or other messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.

Ransomware is costing small businesses

US small businesses paid over $16,000 in ransoms over the past 12 months. For businesses who paid ransoms, only half (50%) recovered all their data and half (50%) were forced to rebuild systems. Over a quarter of businesses (27%) who paid ransoms were attacked again and 27% went on to be asked for more money by the attacker. Because of this, it’s not recommended to pay a ransom, but a cyber security expert — often provided with cyber insurance — can manage the situation and provide step-by-step advice.

Phishing proves to be a large opportunity for cyber criminals

In ransomware attacks, the most common points of entry were phishing (53%), unpatched servers/VPN (38%), and credential theft (29%). The best way to combat phishing is by regularly teaching all employees how to spot one and testing the system.

quotation marks

In the never-ending arms race of cyber criminals versus cyber security, new technology developments can tip the scales either way. Emails are still the most common point of entry for attacks, and new developments like AI can undermine our tried and trusted ways of spotting a phishy email. Bad actors can create flawless emails, without the grammatical and spelling errors that we're familiar with, so giving employees regular and current training is more critical than ever. Proactivity is the best form of defense when it comes to cyber, and a team is only as strong as the weakest link — or least-trained employee — in the chain.


Chris Hojnowski

Vice President and Product Head of Technology and Cyber,

Hiscox USA

Small businesses are protecting themselves

53% of US small businesses have either a standalone cyber insurance policy or have cyber coverage through another policy.

So what does cyber insurance cover? In many cases, coverage can include things like:

  • Costs associated with responding to a data breach, including the cost to notify anyone who may have been affected
  • Ransom demands and cyber extortion
  • Cyber crime, including social engineering and funds transfer fraud
  • Lost business income and data recovery
  • Expert assistance in responding to a breach and containing the damage.

Cyber resources for your business

Hiscox offers a variety of tools and resources to bolster your cyber security knowledge. To improve your cyber security IQ, read up on the latest in the continuously evolving cyber security schemes designed to compromise your business.

Christopher Hojnowski, Vice President and Product Head, Technology and Cyber for Hiscox USA shares his key tips on how to protect your business from ransomware attacks.

See The Global Hiscox Cyber Readiness Report

While this report focuses on only small businesses in the US, you can see the global results for all sizes of business in the full report.

To receive more content like this from Hiscox USA, including market-leading research, reports and articles from our experts on running a small business, enter your email address here:

The content is provided for general information purposes and is not intended to and does not constitute business or legal advice to any particular person or entity.